Flash Gets in One More Security Fail Before Retirement
The vulnerability was discovered by several security firms
Adobe has issued a security update for Flash Player today to patch a zero-day vulnerability exploited by attackers in the wild.
The vulnerability was discovered and independently reported by several security firms —ICEBRG, Tencent, and two security divisions from Chinese cyber-security giant Qihoo 360.
The vulnerability, tracked as CVE-2018-5002, impacts Adobe Flash Player 18.104.22.168 and earlier versions. It was fixed with the release of Flash Player 22.214.171.124. Experts say the hackers used Office files to exploit this Flash zero-day. Attackers would deliver Office files to victims that would load a malicious SWF file from a remote server and execute it inside the Office document.
Please select this link to read the complete article from Bleeping Computer.